*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECURE KNOWLEDGE MANAGEMENT INC. ***
Compiled by: Mark E.S. Bernard, CISSP, CISM, SABSA-F2, CISA, CRISC, CGEIT, ISO 27001 Lead Auditor
Mark was trained by IBM on IBM's AS400 and worked with IBM Global Services on a Red Team conducting penetration testing against offshore financial institutions. Mark has led the design and implementation of information security programs for many US and Canadian organisations using ISO. Mark led Central 1 Credit Union to become the first Canadian Bank to earn ISO/IEC 27001 Certification. During Mark's work with the BC Government in 2008 he also led the Ministry of Finance Division Corporate Account Services to become the first Canadian Government entity to earn ISO 27001 Registration/Certification.
Mark is regarded as a Cybersecurity thought leader. In 2002 Mark founded the Atlantic Canada High Technology Crime Investigation Association. In 2015 Mark published the first NIST Cybersecurity Framework Foundation course.
Enterprise Security Architecture was created following the natural order in which organizations are structured.
Organizational Governance is a crucial requirement of any organizational design, providing the leadership necessary to guide the Enterprise to achieve its strategic goals and investor expectations. This guidance comes from the Board of Directors and Executive Team.
Risk Management is the linchpin of good Governance and organizational design. The Board of Directors and Executive Team utilize Risk Management to make decisions based on pros and cons and on the potential impacts from the realization of Strategic Risks, Financial Risks, Compliance Risks and Operational Risks. Risk is not associated only with negative impacts; taking advantage of risk can lead to positive Business Benefits.
The Enterprise Security Management System (ESMS) is a crucial integration point, providing assurance and internal advisory services on behalf of senior business leaders to help ensure that the enterprise design and architecture of business processes and infrastructure do not contravene Risk Management goals. The ESMS encompasses physical security, information in all formats, and health and safety.
Enterprise Architecture is based on Business Requirements and the information needed to satisfy strategic organizational goals. These strategic goals can only be satisfied if the information and knowledge are available, maintain their security according to sensitivity, and leverage the most accurate data for Risk Management decisions by business leaders.
Enterprise Architecture is based on Business Architecture, supported by the information required to facilitate business. In many cases business systems are leveraged to manage the volume of data input into the business architecture. These business systems also help to improve the security and integrity of the information and data required to deliver services to customers and make management decisions.
Enterprise Architecture is based on Business Architecture, which drives the requirements for infrastructure delivering information, data quality and availability. The sensitivity of information required to achieve Enterprise goals helps to establish the requirements for physical security, environmental security and the security of employees, also known as health and safety.
The requirements for Enterprise Architecture and Business Architecture drive the requirements for Human Resources. The skills, experience and general knowledge of management and regular staff help move the organization towards its strategic goals.
The requirements for Enterprise Architecture and Business Architecture drive the requirements for Procurement and Contract Management of external expertise, software, hardware, and telecommunications. Once acquired, ongoing maintenance of licenses and facilitation of Service Management will be required. Mergers and Acquisitions also fall under Procurement, so the requirements for confidentiality, integrity and availability become a seamless part of the organization's products and services.
The requirements for Enterprise Architecture and Business Architecture drive the requirements for Business Continuity and Disaster Recovery. These requirements must bring value to the organization by helping to facilitate service delivery and product development and/or enhance the organization's reputation.
The organization's mission, strategic goals and business benefits must be realized. Risk Management and Enterprise Security play a crucial role in effective, efficient BC and DR.
Service Management and Operations facilitate the mitigation of risk to strategic goals, financial planning and compliance management. This is accomplished through the consistent execution of mature processes and continuous improvement. These Standard Operating Procedures (SOP) include control points for Quality Management and Risk Management, such as management approval and reconciliation or segregation of duties. These control points are normally selected in response to a risk assessment or audit finding. Security standards help establish criteria that will be followed during the execution of SOP.
Service Management is comprised of 11 unique processes that have been fully integrated with each other. The Service Desk is the central hub for communications and service management within the organization and with external partners, investors and customers.
Operations and Service Management help the organization achieve its strategic goals as directed by Management, in consultation with the Enterprise Security Team and Business Architecture group.
The Service Management Team provides the "boots on the ground" operations employees who maintain the Digital Service Delivery and Product Life Cycle Channels.
The Service Management Team ensures that the Service Orientated Architecture is maintained. This includes ensuring that the software, hardware and telecommunication services are fully operational within the agreed terms for business hours, in support of the Business Architecture requirements and the Enterprise Security requirements for the confidentiality of information, integrity of information and data, and availability of information.
The systems that employees and customers rely upon are prone to vulnerabilities that could be exploited by a motivated threat. The ESMS will provide assurance that these risks have been mitigated by working with managers and subject matter experts to identify, risk assess, prioritize and remediate as required. The server stack and the OSI or TCP/IP stack are two examples of where cracks can form, resulting in an exposure to threats.
The achievement of organizational strategic goals and objectives is contingent upon maintaining a safe environment for employees.
The Enterprise Security Management System provides a single point of contact and leadership for Enterprise Security based on strategic organizational goals and objectives. The ESMS brings together physical security with information security in support of Business Architecture, guided by organizational Governance and Risk Management.
ESMS Examples: Subjects of Interest
• Access Control
• Active Shooter
• Asset Protection and Management
• Background Screening/Due Diligence
• Bomb Threats
• CCTV
• Compliance Management
• Corruption/Ethics
• Crime, Prevention
• Cryptography
• Data/Information Security
• Data Privacy
• Disaster/Crisis Management
• Environmental
• Executive Protection/Personnel Security
• Facilities (General)
• Health and Safety
• Incident Management
• Investigations
• Mail Security
• Pandemics
• Physical Security, General
• Quality Management
• Risk Management
• Risk/Vulnerability Assessment and Site Surveys
• Security Personnel/Duties
• Security Planning and Management
• Sexual Harassment/Discrimination
• Social Media
• Social Engineering
• Supply Chain
• Strikes/Demonstrations/Unrest
• Substance Abuse
• Telecommunications
• Travel
• Utilities
• Vehicles and Vehicle Operation
• Visitors
• Water
• Workplace Violence
ESMS Examples: Applicable Industries
• Agriculture
• Aviation
• Banking
• Chemical
• Cities
• Distribution Centers
• Educational Institutions
• Energy Industry
• Factories
• FDIC
• Government
• Healthcare
• Industrial Sites
• Insurance
• Mass Transit
• Manufacturing
• Media
• Oil and gas/Energy
• Seaports
• Stadiums and Arenas
• Telecommunications
• Technology
• Theme Parks
• Universities
The Enterprise Security Management System is a valuable program that
can be seamlessly integrated within every business process to help
support and facilitate organizational strategic goals.
Enterprise Security Architecture helps to visualize and disseminate the
integration of business processes including the importance of
overarching governance and risk management influence within the
organization concerning the confidentiality of information, integrity of
business processes and data and the availability of people and
information to achieve strategic organizational goals.
If you need help with your Enterprise Security Management System
adoption or integration project please contact me, thanks.