Examples of a Governance Objectives Part 1


Time
3 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:00
Now let's see how the objectives and components of a governance system all map together.
00:08
In this video, we're going to talk about a governance objective example,
00:12
EDM 3, with respect to process, organizational structures, information, and people, skills and competencies, and how each of these components contributes to the fulfillment of a governance objective.
00:26
Let's take an example objective from the EDM domain.
00:29
We'll talk about the third objective, which is Ensured Risk Optimization.
00:34
The description of this objective is to ensure the risk appetite and tolerance of the organization is communicated and understood within the enterprise.
00:44
It also focuses on ensuring that IT risk is managed within the organization.
00:51
The purpose of this objective is to ultimately ensure that IT risk does not exceed the risk appetite of the enterprise.
00:58
That includes identifying and managing IT-related risks and minimizing compliance failures.
01:04
The enterprise goals that are supported by this governance objective are to manage business risk and to allow for business service continuity and availability of IT systems and resources.
01:17
This aligns with the alignment goals of managing IT-related risks
01:21
and ensuring security of information, processing infrastructure and applications, and the overall privacy.
01:29
Let's take a look at the first enabler or component of this objective, which is process.
01:38
There are multiple processes within the EDM 3 objective.
01:41
We'll take a look at the first process for this governance objective, EDM 3.1.
01:47
There are three different process components that relate to the overall objective of EDM 3.
01:53
The three processes include evaluating risk management,
01:56
directing risk management and monitoring risk management.
02:00
This component's governance practice is to evaluate risk management.
02:05
This is to continually examine and evaluate the effect of risk on the current and future use of the IT infrastructure.
02:13
It also urges members of the organization to consider whether the enterprise's risk appetite is appropriate, and ultimately it makes sure that IT risk is identified and managed.
02:27
The example metrics for this component can be the level of unexpected enterprise impacts,
02:31
the percent of IT risk that exceeds the risk tolerance, or the refreshment rate of risk factor evaluation.
02:39
The activities for this component include the understanding of the organization and its context related to IT risk,
02:46
determining the risk appetite and determining the risk tolerance.
02:53
It's important to note the current capability level of the enterprise risk management and related activities.
02:59
At what level is the organization's ERM already functioning?
03:02
Define the capability level and include it in the governance program documentation.
03:08
The related guidance to this process is COSO Enterprise Risk Management, published in June 2017.
03:15
The detailed reference to find out more information that relates to this component is listed here.
03:25
Let's talk about how organizational structures is a component of this governance objective.
03:30
For the organizational structure, you will relay the key governance practice, which we discussed earlier in this process component.
03:38
The three process components are evaluating risk management,
03:42
directing risk management and monitoring risk management.
03:46
We will then relate that back to the organizational role and assign who is accountable and who is responsible.
03:53
List out the organizational structures that will be included in this objective and key governance practices of evaluating, directing and monitoring risk management for overall Ensured Risk Optimization.
04:05
In this example, the board is accountable for these governance practices, and the chief risk officer is the one responsible.
04:14
You'll also want to lay out related guidance and detailed reference of where you can find what specifically relates to the accountability and responsibility of key governance practices.
04:28
In the information flows and items component of this governance objective, we're referring back to the three governance practice processes, which are to evaluate,
04:36
direct and monitor risk management.
04:39
Correspondingly, we'll have inputs and outputs of information and information flows.
04:45
The inputs for evaluating risk management, or EDM 3.1, will be the risk issues and factors,
04:51
and then its corresponding output will be a risk appetite guidance.
04:57
In regards to directing risk management,
05:00
the input will be an aggregated risk profile, including the status of risk, and the output will be an improved process for measuring risk management.
05:12
In relation to monitoring risk management, the input will be the risk analysis
05:16
and the output will be remedial actions to address risk management deviations to minimize risk.
05:25
In this component, we'll also talk about a related guidance and detailed reference of where to find specific information that helps with each governance practice and the overall governance objective.
05:35
Do you see how the governance practices defined in the process component affect the inputs and outputs that contribute to the overall objective of Ensured Risk Optimization?
05:46
Let's keep going with the next component of people, skills and competencies.
05:53
In this component of the governance objective of Ensured Risk Optimization, we'll address the skills needed to fulfill the objective.
06:00
The skills would be business risk management and risk management skills.
06:05
There is related guidance listed here, and a detailed reference should be included of where to find those specific skills and competencies that relate to the supporting of the objective of risk optimization.
06:18
So in this video we talked about an overview of the governance objective EDM 3 and how
06:25
the process, organizational structures, information, and people, skills and competencies allow for EDM 3 to be implemented.