Governance and Risk Management
Risk Governance - comes from executive management and the board of directors; its job is to align the risk strategy with the objectives of the organization
-Are we doing the right things?
-Are we doing things right?
-Are we getting things done well?
-Are we maximizing the benefits?
Risk Management - planning, building, running, and monitoring according to the direction established by governance and in compliance with it
Enterprise Risks: Databases
-code injection - accept only the bare minimum of input a user needs to supply, validate all input, and force untrusted users through a trusted interface before they can reach your backend data
-scripting - restrict field size
-aggregation -the collection of information
-inference
-entity, semantic, and referential integrity
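The two controls in the code injection and scripting notes above (validate input, cap field size, and put a trusted interface between untrusted users and the backend) can be shown in a few lines. The following is an added example written for these notes, not code from the original page; the accounts table, its rows, the 32-character limit and the character allowlist are all constructed for illustration, using an in-memory SQLite database so it runs offline.

```python
"""Added example (not part of the original notes): input validation and a
trusted query interface in front of a backend table, using an in-memory
SQLite database. Table, rows, limits and allowlist are constructed."""
import re
import sqlite3

MAX_USERNAME_LEN = 32                            # "regulate field size": constructed limit
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]+$")   # allowlist of permitted characters


def build_db() -> sqlite3.Connection:
    """Create a constructed sample accounts table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("alice", "alice@example.com", 0),
         ("bob", "bob@example.com", 0),
         ("root", "root@example.com", 1)],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """The 'before' case: untrusted input is concatenated straight into SQL,
    so the input can change the query itself instead of acting as a value."""
    sql = "SELECT username, email FROM accounts WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def validate_username(username: str) -> str:
    """Accept only the bare minimum the field needs: a string within the
    field-size limit made of allowlisted characters. Anything else is rejected."""
    if not isinstance(username, str):
        raise ValueError("username must be a string")
    if len(username) > MAX_USERNAME_LEN:
        raise ValueError("username exceeds field size limit")
    if not USERNAME_RE.match(username):
        raise ValueError("username contains characters outside the allowlist")
    return username


def is_accepted(username: str) -> bool:
    """Convenience check: does the input pass validation?"""
    try:
        validate_username(username)
        return True
    except ValueError:
        return False


def lookup_trusted(conn: sqlite3.Connection, username: str) -> list:
    """The trusted interface: validation first, then a parameterized query,
    so the backend only ever sees the input as data, never as SQL."""
    safe = validate_username(username)
    return conn.execute(
        "SELECT username, email FROM accounts WHERE username = ?", (safe,)
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(lookup_trusted(db, "alice"))          # one matching row
    print(is_accepted("a" * 40))                # False: over the field-size limit
    print(is_accepted("alice; drop"))           # False: characters outside the allowlist
```

The validation layer enforces the "bare minimum" rule and the field-size limit; the parameterized query is what makes the interface trusted, because even an input that somehow passed validation could not alter the statement. Both controls together are the pattern the notes describe: untrusted users never talk to the backend directly.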
Utilities
-power -spikes, surge, sag, brownout, fault, blackout
-HVAC, humidity, EMI, RFI
Network Components
-cable, hubs, switches, routers, firewalls, proxies, network services, wireless communication
Users
-internal theft, fraud, salami attacks, data diddling, falsification of time-sheets, compromise of sensitive information, disgruntled employees
What are Enterprise Goals?
-the COBIT 5 generic enterprise goals can provide a starting point for the strategic planning
-the derived enterprise goals should be linked to stakeholder needs and governance objectives of value creation, namely benefits realization, risk optimization and resource optimization
Key principles of Enterprise Architecture
-define protections that enable trust in the cloud
-develop cross-platform capabilities and patterns for proprietary and open source providers
-facilitate trusted and efficient access, administration, and resiliency to the customer
-provide direction to secure information that is protected by regulations