Design Factors: Threat Landscape and Compliance

00:00

let's move on to design factors of threat, landscape and compliance.

00:06

In this video, we're going to talk about threat, landscapes and compliance as design factors.

00:14

The threat landscape of your organization is another design factor that will be utilized when designing your governance program.

00:21

Your organization will need to do some form of threat modeling or assessment to see the current threat landscape that affects your I T systems.

00:30

It can be a simple as reporting normal threat levels or threat levels that are average for your industry organization size, geopolitical situation, etcetera,

00:40

high threat levels or a high threat environment can be for enterprises that find themselves in an unstable geopolitical situation or an industry that is frequented with cyber attacks. Like financial institutions,

00:54

you will have to evaluate whether you face normal threat levels, high threat levels or lower than average threat levels,

01:00

and then include that in your design.

01:03

If you have a high threat environment, then that is an important aspect or factor that you need to include in your governance program.

01:10

Ultimately, you want to protect your I t resource is and your information in this situation,

01:15

consider what threats you face as an organization.

01:19

What assets do you have at risk? And what are those threats?

01:26

Another design factor. Will it that will influence your governance program will be compliance requirements.

01:33

Compliance with laws, regulations and standards is essential.

01:38

Consider what compliance requirements your organization is subject to

01:42

Do. You do business with credit cards? Do you have to comply with P. C. I. D. S s?

01:46

Are you in the health care industry

01:48

and you're probably subjected to hip hop?

01:49

Do you do business with Europe and are subject of GDP Are

01:53

determine what compliance requirements affect your organization. And then from there, raped. Um,

02:00

an example of a rating system would be low compliance requirements or a minimal set of requirements,

02:06

meaning that you don't have that many laws that dictate how you do business.

02:09

On the other hand, high compliance requirements means you have a higher than average set of requirements like being obligated to comply with hippo requirements.

02:19

Compliance requirements are necessary to factor in your governance design.

02:23

What laws and regulations are you forced to comply with, depending on your industry, state location, etcetera?