Stages and Steps in the Design Process
There are different stages and steps in the design process that need to be addressed.
So in this video we're going to talk about the four stages and steps of designing a governance program, an overview of each step, and the end result of the design process.
So there are four steps and stages in the governance system design workflow.
Let's go through each one.
Step one is to understand the enterprise context and strategy,
meaning it's essential to first understand the enterprise, its strategy, goals, its current risk profile and IT-related issues.
What is the enterprise's strategy?
Is it focused on being more risk averse or being more innovative? What are the goals?
Is it being more customer service oriented or remaining compliant with laws and regulations that it's subject to?
What is the current risk profile of the company? What risks does it face?
What is its risk appetite?
What are the risks aligned with the organization's risk appetite?
It's also important to understand the current IT-related issues the enterprise faces.
Is it non-compliant with laws and regulations and standards? Is the cost of IT excessively high?
Determine and understand what these issues are.
Step two is to determine the initial scope of the governance system.
Consider what the enterprise strategy is.
What will the scope entail?
Consider the enterprise's goals and apply the goals cascade.
Do you remember how the goals cascade links enterprise goals with alignment goals?
Thus, consider what are your enterprise goals? And consider how they will link to alignment goals.
That should assist you with setting your scope for your governance system.
Additionally, consider the risk profile and the current IT-related issues the enterprise faces.
For example, an enterprise that wants to manage risk and is overall risk averse will include its risk profile and IT-related issues that pose risk in its scope. And it may frame its entire scope around the aforementioned.
Step three focuses on refining the scope of the governance system.
Consider the threat landscape,
compliance requirements, role of IT, sourcing model, IT implementation methods, enterprise size and the IT adoption strategy when refining your scope.
Make sure you are being inclusive to have a meaningful impact of your IT governance program, while balancing a scope that does not lose track and sight of your overall goals and business objectives.
Having a refined scope will ensure that you are upholding the governance and management objectives that support your IT governance of your enterprise.
Lastly, step four will conclude the governance system design.
In this step, you will resolve inherent priority conflicts and set the priority of your enterprise.
For example, managing security and supporting innovation may have conflicts.
Thus, set the priority for your IT governance objectives.
In this step, you will conclude the governance system and design, and you'll begin to start implementation.
Okay, quick pop quiz. How many steps are there in the design process as defined by COBIT?
If you said four, you are right.
The previous four steps will result in recommendations for prioritizing objectives, target capability levels and an adoption of specific variants of a governance system component.
Recommendations for prioritizing objectives will be the result of the aforementioned steps in that it will allow an enterprise to focus on the needs that support the main drivers of an IT governance program.
Target capability levels will also be introduced depending on what the organization requires.
For example, an organization in a highly regulated industry will need a higher capability level of compliance with laws and regulations than its less regulated counterparts.
The adoption of specific variants of a governance component will allow for a governance system that is tailored to a specific organization's needs.
Not all organizations are the same. So if we're talking about a company that is highly regulated, it will adopt specific variants, such as a work culture that is risk aware and security aware.
This can result in conflicting guidance.
Let's take the previous example of an enterprise that wants to support innovation and security:
guidance for what the enterprise should focus on may be conflicting.
Thus, the final decision will be a case-by-case decision, and it will vary from enterprise to enterprise.
Ultimately, this creates a governance system that is tailored to an enterprise's needs as the design factors vary as objectives and components vary between organizations.
So in this video we talked about the four steps and stages of the design process, an outline of what each step entails and the results.