Quality Assurance and IT Risk Management

1 Quality Assurance and IT Risk
Deutsche Bank's QA and Testing Transformation Journey
Michael Venditti, Head of Enterprise Testing Services, Deutsche Bank

2 IT RISK - REGULATORY GOVERNANCE
Major shifts in the role and functioning of Financial Institutions over the last few years have brought about a new way to regard risk. New banking products, increased government scrutiny and intense focus on operating efficiencies bring forth greater risks and a larger set of rules and regulations.
A recent banking survey by the Economist Intelligence Unit shows that:
o [30%] of all banks answer to 10 or more regulators
o [75%] of all banks report to four or more regulators
o [350+] potential regulatory reviews a year for a global bank

3 QA & TESTING TRANSFORMATION OVERVIEW
Test Transformation: Enterprise Testing Services
The mission of Enterprise Testing Services is to define and validate that Testing Standards, Testing Tools and Solutions are implemented in a sound and sustainable way, maximizing focus on quality, risk reduction and stability.

Challenges
o Intense Regulatory scrutiny focused on IT Testing Processes
o Inconsistencies in Testing Practices
o Need for enhanced Oversight for Testing
o Need for increased Production stability

Minimum Testing Standards
As a first step in transformation, Minimum Testing Standards (MTS) were defined in line with recommendations from External Regulatory Bodies (such as Monetary Authority of Singapore (MAS)) and the DB Internal Audit Group. Successful MTS roll-out:
o provided a repeatable and auditable approach
o laid the foundation for more robust Test Standards

Test Standard Framework
As a next step in transformation, Test Standard Framework was rolled out to:
o create a foundation of a common set of Testing Standards
o unify the practice of Testing across the bank
o simplify test processes by integrating standards with tools

Test Standards Governance
A robust governance process was implemented to track adoption or compliance to Test Standard Framework by:
o integrating test controls into SDLC Governance
o enabling all applications to demonstrate compliance to controls in a centralized tool
o automating verification of controls

4 Minimum Testing Standards

DEFINE
o Minimum Testing Standards (MTS) were developed and published.
o MTS requires evidence of standard test artifacts (following good engineering practices) that can be adapted for different types of releases.
o Standard requirements & related artefacts are: Test Risk Assessment, Test Approach, Test Cases and Test Execution Results, Defects, Test Completion Report
o MTS introduced 3 levels of maturity: Level 1, 2 and 3
o Standards were designed to be methodology agnostic

EDUCATE
o Comprehensive MTS orientation and training plan was published and all test professionals in the bank were mandated to attend
o MTS framework was published in a centralized repository and is accessible by all
o An e-learning module was developed with integrated certification mechanism
o Monthly training sessions were conducted and are on-going
o Special focus on strategic test vendors

GOVERN
o An independent Minimum Testing Standards Compliance (CM) team was constituted
o All application releases in scope were monitored through the change management system
o MTS CM team validates the artifacts provided against MTS requirements, reports any gaps
o Remediation of gaps was monitored through subsequent releases
o A Non-Compliance management process was rolled out
o Applications with two Non-Compliant releases were recommended for heightened change control process

5 TEST STANDARD FRAMEWORK

DEFINE
o Collaborated with key testing stakeholders across various Business Units, Regions, Tech Centres etc.
o Developed Test Standard Framework, Key Operating Procedures, Templates, Tools Standardization

EDUCATE
o Test Standard Framework and associated artefacts were published in the Bank's policy portal
o Conducted Live Orientation sessions across the globe to cover over professionals and stakeholders
o A global webcast was delivered to ~ professionals
o Detailed How-To videos were created
o All training media was made available in a centralized Testing Standards Portal
o Periodic and on-demand training sessions were conducted (on-going)
o Q&A feature is enabled in the Testing Standards Portal to address queries

GOVERN
o Integrated Test related controls in SDLC Governance platform to enable independent verification of controls for random selection of releases
o Any gaps identified are either fixed in-flight, or risk accepted by Business
o Automated verification of controls is implemented for various test controls such as Test Environment compliance controls, test cases, defects etc.

6 TEST STANDARD FRAMEWORK - TEST PLANNING

Test Standards Framework:
Test Planning
  o Testing Risk Assessment (TRA)
  o Test Strategy
  o Test Plan
Test Design
  o Test Cases
Test Execution
  o Defect
  o Test Execution Results
Test Closure
  o Test Evaluation Reporting
Additional Standard Requirements
  o Test Data
  o Test Environment
  o Performance Engineering

Test Planning is required for all releases and must detail what and how Testing is to be performed. Test Planning consists of several elements that may be captured in one or several documents.

Testing Risk Assessment (TRA)
Created to determine the risk associated with release to production, and provide the types of Testing recommendations which are required to minimize that risk

Test Strategy
Created to gain general Stakeholder agreement, ensure appropriate availability of resources for "What" Test Types are to be performed

Test Plan
Provides details of "How" each Test Type will be performed, and is updated for each release. For applications releasing very frequently a Test Plan - Multi Release may be produced, instead of a Test Plan for each release

Test Plan - Multi Release vs Test Plan
Release Frequency    Test Planning Artifacts
<= 3 weeks           Test Plan - Multi Release
> 3 weeks            Test Plan

7 TEST STANDARD FRAMEWORK - TEST DESIGN, EXECUTION & CLOSURE

Test Design
o Test Cases: Test Cases are used to verify that the Business and Technical requirements work as expected and validate that the functionality meets specified requirements

Test Execution
o Defect: A Defect Process defines how defects are recognized and resolved in all stages of SDLC. It involves recording Defects, ensuring repeatability, classification and prioritization, and reporting the resolution progress
o Test Execution Results: Test execution results must include planned Test Cases executed with actual Test results and stored in a standard Test Tool. All failed Test Cases must be traceable to Defects

Test Closure
o Test Evaluation Reporting: A Test Summary Report at the end of each Test Type may be required. These may be collected at the end of the Test Closure Phase of the STLC. A Test Evaluation Report must be prepared to demonstrate successful completion of all Test Types at completion of the Test Closure Phase.

8 TEST STANDARD FRAMEWORK - ADDITIONAL STANDARDS

Test Data
o Testing must be conducted on synthetic Test data that is free from Client Identifying Data.
o Sensitive data must be anonymized in a controlled environment before moving to a Test Environment
o Production-like access controls must be in place when sensitive information needs to be used without masking in a Test Environment

Test Environment
o Applications must have Test Environments that resemble production from a hardware, software and configuration point of view
o QA Test Environments must be logically separated from all other non-QA Environments
o All Test Environment changes must be implemented with strict access controls
o Test Environment changes must be performed in a controlled manner
o Any change to a Test Environment should be accompanied with an appropriate back out or recovery mechanism and be smoke Tested to confirm viability

Performance Engineering
o Performance Testing is required whenever:
  - Changes are made to any hardware, configuration or software components
  - Components are moved to different data centers
  - Usage volume increases
o A dedicated Performance Test Environment must be made available that resembles production

9 GOVERNANCE OVERVIEW
A robust governance model is implemented in SDLC Governance tool for governing the development and delivery of planned application releases. It is a tool of record for compliance rather than an SDLC workflow orchestrator. There are 5 key elements of the model:
1. Policy and control levels: mapping elements of policies and specific audit point solutions to a set of controls of appropriate level (diagram labels: IT & Security Policy, Test Standard Framework, Audit issue solutions)
2. Control origins: confirmations from tools and repositories in the strategic tools stack, or performed manually (diagram labels: SDLC, Chg. Mgt., Live)
3. Release characteristics: determining which controls need to apply depending on release characteristics (diagram label: Mandatory Controls for each release)
4. Generic lifecycle: mapping the controls to appropriate generic phases and quality gates in the SDLC, independent of development method
5. Assurance: assuring that controls are appropriately met, involving project and external stakeholders where needed, plus tight integration with Change as a precursor to production deployment

10 TEST CONTROLS IN SDLC GOVERNANCE

Columns: Application/Release Level | Control Summary | Control Description
o Application | Testing Risk Assessment | A Testing Risk Assessment (TRA) is an Excel-based tool to profile an application to minimize risks and provide recommendations of various test types required.
o Release | Test Plan for release created | Single or reusable Multi Release Test Plans may be produced depending on the frequency and agility of application releases.
o Release | Test Cases for release created & traceability established | Test cases for release are created, available and linked to the requirements.
o Release | Test Cases for release executed | Ensure that all test cases have been executed and the evidence has been generated / documented.
o Release | Defects (where appropriate) are captured and tracked for the release | Defects must be captured in a defined repository. Documentation of the defect must provide sufficient details to understand the impact and to reproduce it.
o Release | Test Evaluation report approved and completed | Test Evaluation Report prepared to demonstrate successful completion of all Test Types as per the Test Plan. Where applicable, references to tools can be provided for test report data.
o Application | Environment management plan for application in place
o Application | UAT / OAT or pre-production staging environment for application operational and distinct from production environment
o Application | UAT / OAT and Development application environments are defined in the centralized tool

db-tec portal enables automatic verification of these controls for all applications that are on-boarded

11 TRANSFORMATION JOURNEY

Maturity levels:
1 Start up (Level 1): Testing is Chaotic, When Performed
2 Basic (Level 2): Pockets of Best Practices, but Inconsistent
3 Progressive (Level 3): Institutionalized Testing Processes & Standards
4 Mature (Level 4): Policy Driven Standards & Processes
5 Industry Leader (Level 5): Leading Organization

Basic
o Inconsistent Testing processes
o No standard STLC process
o Production instability

Progressive
o Organizational & Governance structures Implemented
o Global Test Standard Framework defined
o Test Standards, Processes and Templates rolled out globally
o Test Process Governance in place

The Levels defined here are based on Infosys Enterprise QA Transformation Model (EQATM) which provides a framework of 4 test dimensions and 20 process areas

12 TRANSFORMATION PROGRESS SNAPSHOT
Continuing to Mature
[Figure: two charts on a 1-5 scale. Axis labels as transcribed: Test Requirements Gathering; Knowledge; Test Strategizing; Test Case & Test Data Design; Testing Career Path; Training & Skill Development; Test Tools & Automation; Test Measurement &; Test Execution & Defect Reporting; Test Organizational Structure; Test Environment; Test Policy; Test Estimation; Test Process; Test Planning & Monitoring; Test Methodology; Defect; Organizational Risk; Test Ware; Test Communication]

13 KEY ACCOMPLISHMENTS
o IT Professionals offered training through Global Webcast
o Test Professionals Trained through Live Orientation Sessions
o Test Professionals attended MTS Training
o elearning Certificates issued
o Applications assessed for MTS Compliance
o Random Spot Checks conducted
o Releases monitored for Compliance
o Potential savings by reducing production incidents

14 THANK YOU


More information

ORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES

ORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES ORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES SERVICE, SUPPORT AND EXPERT GUIDANCE FOR THE MIGRATION AND IMPLEMENTATION OF YOUR ORACLE APPLICATIONS ON ORACLE INFRASTRUCTURE

More information

How Secure is Blockchain? June 6 th, 2017

How Secure is Blockchain? June 6 th, 2017 How Secure is Blockchain? June 6 th, 2017 Before we get started... This is a 60 minute webcast For better viewing experience, close all other applications For better sound quality, please use headphones

More information

CMPIC s CM Training & Certification Courses

CMPIC s CM Training & Certification Courses CMPIC s CM Training & Courses CMPIC www.cmpic.com CMPIC Courses Why Choose CMPIC? Why choose CMPIC for your CM Training? CMPIC provides high quality, cost-effective, and the most up-to-date Configuration

More information

ITG. Information Security Management System Manual

ITG. Information Security Management System Manual ITG Information Security Management System Manual This manual describes the ITG Information Security Management system and must be followed closely in order to ensure compliance with the ISO 27001:2005

More information

Cybersecurity Roadmap: Global Healthcare Security Architecture

Cybersecurity Roadmap: Global Healthcare Security Architecture SESSION ID: TECH-W02F Cybersecurity Roadmap: Global Healthcare Security Architecture Nick H. Yoo Chief Security Architect Disclosure No affiliation to any vendor products No vendor endorsements Products

More information

Certification Exam Outline Effective Date: September 2013

Certification Exam Outline Effective Date: September 2013 Certification Exam Outline Effective Date: September 2013 About CAP The Certified Authorization Professional (CAP) is an information security practitioner who champions system security commensurate with

More information

Expert Test Manager: Operational Module Course Outline

Expert Test Manager: Operational Module Course Outline Expert Test Manager: Operational Module Course Outline General Description A truly successful test organization not only has solid, relevant test objectives and a test strategy, but it also has the means

More information

Automated Acceptance testing by Developers & Automated Functional Testing by Testers

Automated Acceptance testing by Developers & Automated Functional Testing by Testers Automated Acceptance testing by Developers & Automated Functional Testing by Testers Gowrishankar Sundararajan QA Manager Tata Consultancy Services, Canada Executive Summary Overview on Traditional Agile

More information

Project Management Professional (PMP ) Certification

Project Management Professional (PMP ) Certification Project Management Professional (PMP ) Certification atsc is the leading Training provider in the country with 10 years of experienced in conducting the PMP training. Ensuring your success with the right

More information

JBoss Enterprise Middleware

JBoss Enterprise Middleware JBoss Enterprise Middleware Making software from the open source community ready for the enterprise DLT Solutions 2411 Dulles Corner Park, Suite 800 Herndon, VA 20171 Web: www.dlt.com Phone: 703-709-7172

More information

Managing your Cloud with Confidence

Managing your Cloud with Confidence Mobility Cloud and Security Managing your Cloud with Confidence Stephen Miles VP Service Assurance - APJ Agenda The Digital Revolution and the changing IT Landscape Management challenges in the new world

More information

Audit Report. City & Guilds

Audit Report. City & Guilds Audit Report City & Guilds 3 April 2014 and 5 March 2015 Contents 1 Background 1 1.1 Scope 1 1.2 Audit Report and Action Plan Timescales 2 1.3 Summary of Audit Issues and Recommendations 3 1.4 Risk Rating

More information

ISSEP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

ISSEP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard Certification Exam Outline Effective Date: March 2018 About CISSP-ISSEP The Information Systems Security Engineering Professional (ISSEP) is a CISSP who specializes in the practical application of systems

More information

Introduction to AWS GoldBase

Introduction to AWS GoldBase Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document

More information

Move Performance Testing to the Next Level with HP Performance Center September 11, Copyright 2013 Vivit Worldwide

Move Performance Testing to the Next Level with HP Performance Center September 11, Copyright 2013 Vivit Worldwide Move Performance Testing to the Next Level with HP Performance Center September 11, 2013 Copyright 2013 Vivit Worldwide Brought to you by Copyright 2013 Vivit Worldwide Hosted by Megan Shelton Vivit Performance

More information

Optimisation drives digital transformation

Optimisation drives digital transformation January 2017 Executive summary Forward-thinking business leaders are challenging their organisations to achieve transformation by harnessing digital technologies with organisational, operational, and business

More information

Magento Enterprise Edition Customer Support Guide

Magento Enterprise Edition Customer Support Guide Magento Enterprise Edition Customer Support Guide April 2017 magento.com/support 2017 Magento, Inc. All rights reserved. Thank You for using Magento Enterprise Edition Customer support is a vital part

More information

An Overview of TOGAF Version 9.1

An Overview of TOGAF Version 9.1 An Overview of TOGAF Version 9.1 Robert Weisman MSc, PEng, PMP, CD CEO / Chief Enterprise Architect robert.weisman@buildthevision.ca 44 Montgomery Street 1168 Ste Therese Ottawa, Ontario Canada K1C2A6

More information

What's new with Rational IBM s Telelogic Solutions move to Jazz

What's new with Rational IBM s Telelogic Solutions move to Jazz IBM Software Group What's new with Rational IBM s Telelogic Solutions move to Jazz Heimo Feldbaumer, 11.11.2010 2010 IBM Corporation IBM s Telelogic Solutions move to Jazz Zusammenspiel und Integration

More information

Service Description: CNS Federal High Touch Technical Support

Service Description: CNS Federal High Touch Technical Support Page 1 of 1 Service Description: CNS Federal High Touch Technical Support This service description ( Service Description ) describes Cisco s Federal High Touch Technical support (CNS-HTTS), a tier 2 in

More information

VMEdu. 94 (Out of 100) D&B Rating. A+ BBB Rating. VMEdu Training. VMEdu Platform

VMEdu. 94 (Out of 100) D&B Rating. A+ BBB Rating. VMEdu Training. VMEdu Platform VMEdu VMEdu provides organizations with corporate training and training solutions to manage their learning and development needs efficiently. VMEdu Training VMEdu Inc. is a leading global training service

More information

The Value of Force.com as a GRC Platform

The Value of Force.com as a GRC Platform The Value of Force.com as a GRC Platform Andy Evans - Xactium Limited March 2009 Executive Summary The importance of governance, risk and compliance (GRC) activities to organizations has become increasingly

More information

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002 ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION

More information

Six Sigma in the datacenter drives a zero-defects culture

Six Sigma in the datacenter drives a zero-defects culture Six Sigma in the datacenter drives a zero-defects culture Situation Like many IT organizations, Microsoft IT wants to keep its global infrastructure available at all times. Scope, scale, and an environment

More information

PROJECT MANAGEMENT PROFESSIONAL (PMP)

PROJECT MANAGEMENT PROFESSIONAL (PMP) PROJECT MANAGEMENT PROFESSIONAL (PMP) EXAM PREPARATION TRAINING WHAT IS PMP? Government, commercial and other organizations employ PMP certified project managers in an attempt to improve the success rate

More information

CISCO BUSINESS CRITICAL SERVICES FOUNDATION THEME

CISCO BUSINESS CRITICAL SERVICES FOUNDATION THEME CISCO BUSINESS CRITICAL SERVICES FOUNDATION THEME This document contains the detailed description of capabilities and s aligned to Cisco Business Critical Services Foundation theme. Note: This document

More information

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE EXAM PREPARATION GUIDE PECB Certified Data Protection Officer The objective of the PECB Certified Data Protection Officer examination is to ensure that the candidate has acquired the knowledge and skills

More information

Building a Resilient Security Posture for Effective Breach Prevention

Building a Resilient Security Posture for Effective Breach Prevention SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.

More information

Vulnerability Assessments and Penetration Testing

Vulnerability Assessments and Penetration Testing CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze

More information

Configuration Management Databases (CMDBs) and Configuration Management System (CMS) are both elements of what larger entity?

Configuration Management Databases (CMDBs) and Configuration Management System (CMS) are both elements of what larger entity? ITIL Foundation mock exam 3 1. Configuration Management Databases (CMDBs) and Configuration Management System (CMS) are both elements of what larger entity? A) The Asset Register B) The Service Knowledge

More information

White Paper. Closing PCI DSS Security Gaps with Proactive Endpoint Monitoring and Protection

White Paper. Closing PCI DSS Security Gaps with Proactive Endpoint Monitoring and Protection White Paper Closing PCI DSS Security Gaps with Proactive Endpoint Monitoring and Protection Table of Contents Introduction....3 Positive versus Negative Application Security....3 Continuous Audit and Assessment

More information

Modern Database Architectures Demand Modern Data Security Measures

Modern Database Architectures Demand Modern Data Security Measures Forrester Opportunity Snapshot: A Custom Study Commissioned By Imperva January 2018 Modern Database Architectures Demand Modern Data Security Measures GET STARTED Introduction The fast-paced, ever-changing

More information

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls The Convergence of Security and Compliance How Next Generation Endpoint Security Manages 5 Core Compliance Controls Table of Contents Introduction.... 3 Positive versus Negative Application Security....

More information

Level 4 Diploma in Computing

Level 4 Diploma in Computing Level 4 Diploma in Computing 1 www.lsib.co.uk Objective of the qualification: It should available to everyone who is capable of reaching the required standards It should be free from any barriers that

More information

Now you can Microsoft Visual Studio 2010 with MSDN

Now you can Microsoft Visual Studio 2010 with MSDN Now you can Microsoft Visual Studio 2010 with MSDN gives your development teams the advanced functionality, superior benefits, and convenient access to the latest tools and resources they need to cost-effectively

More information

DEFINING FEATURES OF QUALITY CERTIFICATION AND ASSESSMENT-BASED CERTIFICATE PROGRAMS (Draft) Rev. 5.1 August 8, 2007

DEFINING FEATURES OF QUALITY CERTIFICATION AND ASSESSMENT-BASED CERTIFICATE PROGRAMS (Draft) Rev. 5.1 August 8, 2007 Introduction In January 2007, the National Organization for Competency Assurance (NOCA) Board of Directors established a Certificate Task Force to: identify characteristics of quality certification and

More information

CONSTRUCTION MANAGER CERTIFICATION INSTITUTE. Recertification Point Provider Guide

CONSTRUCTION MANAGER CERTIFICATION INSTITUTE. Recertification Point Provider Guide CONSTRUCTION MANAGER CERTIFICATION INSTITUTE Recertification Point Provider Guide 6CONTENTS Recertification Overview... 3 PART ONE: Why Become a Recertification Points Provider... 4 Recertification Point

More information

Watson Developer Cloud Security Overview

Watson Developer Cloud Security Overview Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for

More information

IT Attestation in the Cloud Era

IT Attestation in the Cloud Era IT Attestation in the Cloud Era The need for increased assurance over outsourced operations/ controls April 2013 Symeon Kalamatianos M.Sc., CISA, CISM Senior Manager, IT Risk Consulting Contents Introduction

More information

IT Enterprise Services. Capita Private Cloud. Cloud potential unleashed

IT Enterprise Services. Capita Private Cloud. Cloud potential unleashed IT Enterprise Services Capita Private Cloud Cloud potential unleashed Cloud computing at its best Cloud is fast becoming an integral part of every IT strategy. It reduces cost and complexity, whilst bringing

More information

SIEM: Five Requirements that Solve the Bigger Business Issues

SIEM: Five Requirements that Solve the Bigger Business Issues SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered

More information